From e859b89cec0b2ec058cfe10764957cda2058a00a Mon Sep 17 00:00:00 2001 From: teoberi Date: Sun, 3 Jan 2021 11:54:35 +0200 Subject: Update consts Fix the variable name for PostgreSQL --- include/consts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/consts b/include/consts index bb1d63ff..9c4e1ea0 100644 --- a/include/consts +++ b/include/consts @@ -232,7 +232,7 @@ ETC_PATHS="/etc /usr/local/etc" PLUGINDIR="" PLUGIN_PHASE=0 POSTFIXBINARY="" - POSTGRES_RUNNING=0 + POSTGRESQL_RUNNING=0 PREVIOUS_TEST="No test ID" PREVIOUS_TS=0 PROFILES="" -- cgit v1.2.3 From 49b53982663d597d143b508ac95d7d47700c7c4a Mon Sep 17 00:00:00 2001 From: teoberi Date: Sun, 3 Jan 2021 12:02:38 +0200 Subject: Update tests_databases Fix the process name for PostgreSQL Add new path to variable FIND_PATHS Fix variable CONFIG_FILES Check permissions for configuration files --- include/tests_databases | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/tests_databases b/include/tests_databases index 9c8e1de0..3f8777f0 100644 --- a/include/tests_databases +++ b/include/tests_databases @@ -174,7 +174,7 @@ # Description : Check if PostgreSQL is being used Register --test-no DBS-1826 --weight L --network NO --category security --description "Checking active PostgreSQL processes" if [ ${SKIPTEST} -eq 0 ]; then - if IsRunning "postgres:"; then + if IsRunning "postgres"; then Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN LogText "Result: PostgreSQL is active" POSTGRESQL_RUNNING=1 
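Review bot: The DBS-1826 check now passes the bare substring `postgres` to IsRunning, so any process whose name (or command line, depending on how IsRunning matches) contains that string sets POSTGRESQL_RUNNING=1 — monitoring exporters or client tooling named after PostgreSQL would count as an active server. The earlier `postgres:` form presumably only hit the backend worker titles and missed the main server process, which is why the change was needed, but the widened match deserves a comment such as `# Match the main server process; "postgres:" only matched backend worker titles`. If IsRunning supports anchoring its pattern, a tighter expression would avoid the false positives. The DBS-1826 body continues outside the hunk.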
@@ -203,11 +203,17 @@ Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration" if [ ${SKIPTEST} -eq 0 ]; then - FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data" - CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}" | ${SEDBINARY} "s/ /:space:/g"') + FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data" + CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g") for CF in ${CONFIG_FILES}; do Report "postgresql_config_file[]=${CF}" LogText "Found configuration file (${CF})" + if IsWorldReadable ${CF}; then + LogText "Result: configuration file ${CF} is world readable, this might leak sensitive information!" + ReportWarning "${TEST_NO}" "PostgreSQL configuration file ${CF} is world readable and might leak sensitive details" "${CF}" "Use chmod 600 to change file permissions" + else + LogText "Result: great, configuration file ${CF} is not world readable" + fi done fi # -- cgit v1.2.3 From 82db00202598d274bf9dd602761c44e4abaec74f Mon Sep 17 00:00:00 2001 From: teoberi Date: Thu, 7 Jan 2021 21:16:19 +0200 Subject: Update tests_databases Change pattern to detect all configuration files --- include/tests_databases | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/tests_databases b/include/tests_databases index 3f8777f0..1fcafa25 100644 --- a/include/tests_databases +++ b/include/tests_databases 
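Review bot: The `xargs -i sh -c 'test -r "{}" && echo "{}"'` stage on the new CONFIG_FILES line splices each file name into a shell command string, so a name containing quotes or other shell metacharacters is interpreted as code rather than data; the preceding `tr -cd '[:print:]\0'` keeps printable characters and does not remove them. Passing the name as a positional argument keeps it as data: `xargs -i sh -c 'test -r "$1" && echo "$1"' sh {}`. Separately, the trailing `${SEDBINARY} "s/ /:space:/g"` rewrites spaces before the loop runs, so `IsWorldReadable ${CF}` receives the encoded name for any path containing a space and, if it stats the path, will not find the file — the permission check should run on the real path and the encoding be applied only for `Report`.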
@@ -204,7 +204,7 @@ Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration" if [ ${SKIPTEST} -eq 0 ]; then FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data" - CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g") + CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "*.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g") for CF in ${CONFIG_FILES}; do Report "postgresql_config_file[]=${CF}" LogText "Found configuration file (${CF})" -- cgit v1.2.3 From ed3d75872edbb44873b6e83c477e49bacb218450 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Fri, 30 Apr 2021 22:07:42 +0200 Subject: add support for additional Aide db paths MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- include/tests_file_integrity | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/tests_file_integrity b/include/tests_file_integrity index 68d02c5f..8a38b97e 100644 --- a/include/tests_file_integrity +++ b/include/tests_file_integrity 
@@ -104,7 +104,7 @@ if [ -n "${AIDEBINARY}" -a -n "${AIDECONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no FINT-4316 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Presence of AIDE database and size check" if [ ${SKIPTEST} -eq 0 ]; then - AIDE_DB=$(${GREPBINARY} ^database= ${AIDECONFIG} | ${SEDBINARY} "s/.*://") + AIDE_DB=$(${EGREPBINARY} '(^database|^database_in)=' ${AIDECONFIG} | ${SEDBINARY} "s/.*://") if case ${AIDE_DB} in @@*) ;; *) false;; esac; then I=$(${GREPBINARY} "@@define.*DBDIR" ${AIDECONFIG} | ${AWKBINARY} '{print $3}') AIDE_DB=$(echo ${AIDE_DB} | ${SEDBINARY} "s#.*}#${I}#") -- cgit v1.2.3 From 7044d7647ec5731a3bd954e9af99768ad7aa06df Mon Sep 17 00:00:00 2001 From: Idesmi <21034950+Idesmi@users.noreply.github.com> Date: Fri, 14 May 2021 11:00:39 +0200 Subject: Added openSUSE MicroOS --- include/osdetection | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include') diff --git a/include/osdetection b/include/osdetection index 6d0e161f..6ae742bf 100644 --- a/include/osdetection +++ b/include/osdetection @@ -291,6 +291,11 @@ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') OS_NAME="openSUSE" ;; + "opensuse-microos") + LINUX_VERSION="openSUSE MicroOS" + OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') + OS_NAME="openSUSE" + ;; "parrot") LINUX_VERSION="Parrot" OS_NAME="Parrot GNU/Linux" -- cgit v1.2.3 From fff5df170e00380e1882ca10a4dd00e0c1ada640 Mon Sep 17 00:00:00 2001 From: Alexander Lackner Date: Tue, 15 Jun 2021 20:49:00 +0200 Subject: Fix Big Sur Detection and add macOS Monterey --- include/osdetection | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/osdetection b/include/osdetection index 7b1e911c..ef6cd240 100644 --- a/include/osdetection +++ b/include/osdetection 
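Review bot: When an AIDE configuration contains both a `database=` and a `database_in=` line, the new egrep on the AIDE_DB line returns two lines, and the unquoted `case ${AIDE_DB}` and `echo ${AIDE_DB}` that follow then operate on a two-word value; the previous single `^database=` pattern could not produce that. Taking only the first match keeps a single path, e.g. `AIDE_DB=$(${EGREPBINARY} '^database(_in)?=' ${AIDECONFIG} | ${HEADBINARY} -1 | ${SEDBINARY} "s/.*://")`. Note also that `s/.*://` strips up to the last colon, which suits `file:/path` values but would truncate a path that itself contains a colon. The FINT-4316 body continues outside the hunk.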
@@ -62,7 +62,8 @@ 10.13 | 10.13.[0-9]*) OS_FULLNAME="macOS High Sierra (${OS_VERSION})" ;; 10.14 | 10.14.[0-9]*) OS_FULLNAME="macOS Mojave (${OS_VERSION})" ;; 10.15 | 10.15.[0-9]*) OS_FULLNAME="macOS Catalina (${OS_VERSION})" ;; - 11.0 | 11.0[0-9]*) OS_FULLNAME="macOS Big Sur (${OS_VERSION})" ;; + 11 | 11.[0-9]*) OS_FULLNAME="macOS Big Sur (${OS_VERSION})" ;; + 12 | 12.[0-9]*) OS_FULLNAME="macOS Monterey (${OS_VERSION})" ;; *) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;; esac else -- cgit v1.2.3 From b556450364ee194d47a763c3dc071143bca8cb1d Mon Sep 17 00:00:00 2001 From: Rob Chekaluk Date: Mon, 21 Jun 2021 08:53:43 -0400 Subject: FILE-6344: support hidepid textual values --- include/tests_filesystems | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/tests_filesystems b/include/tests_filesystems index d3a6eaab..ce93b018 100644 --- a/include/tests_filesystems +++ b/include/tests_filesystems @@ -339,6 +339,7 @@ # # Test : FILE-6344 # Description : Check proc mount options (Linux >=3.3 only) + # hidepid textual values available kernel >= 5.8 only) # Examples : proc /proc proc defaults,hidepid=2 0 0 # Goal : Users should not be able to see processes of other users if [ "${OS}" = "Linux" -a -f ${ROOTDIR}proc/version ]; then 
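Review bot: The comment added to the FILE-6344 header, `# hidepid textual values available kernel >= 5.8 only)`, has an unmatched closing parenthesis and reads as a fragment, and it does not follow the `# Label : text` layout of the neighbouring header lines. Suggest `# Note : textual hidepid values (noaccess, invisible, ptraceable) require kernel >= 5.8`, which also tells the reader which values the test below accepts.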
@@ -353,15 +354,20 @@ Register --test-no FILE-6344 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking proc mount options" if [ ${SKIPTEST} -eq 0 ]; then # Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least + # https://www.kernel.org/doc/html/latest/filesystems/proc.html#chapter-4-configuring-procfs LogText "Test: check proc mount with incorrect mount options" - FIND=$(${MOUNTBINARY} | ${EGREPBINARY} "${ROOTDIR}proc " | ${EGREPBINARY} -o "hidepid=[0-9]") - if [ "${FIND}" = "hidepid=2" ]; then + FIND=$(${MOUNTBINARY} | ${EGREPBINARY} "${ROOTDIR}proc " | ${EGREPBINARY} -o "hidepid=([0-9]|[a-z][a-z]*)") + if [ "${FIND}" = "hidepid=4" -o "${FIND}" = "hidepid=ptraceable" ]; then # https://lwn.net/Articles/817137/ Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN - LogText "Result: proc mount mounted with hidepid=2" + LogText "Result: proc mount mounted with ${FIND}" AddHP 3 3 - elif [ "${FIND}" = "hidepid=1" ]; then + elif [ "${FIND}" = "hidepid=2" -o "${FIND}" = "hidepid=invisible" ]; then Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN - LogText "Result: proc mount mounted with hidepid=1" + LogText "Result: proc mount mounted with ${FIND}" + AddHP 3 3 + elif [ "${FIND}" = "hidepid=1" -o "${FIND}" = "hidepid=noaccess" ]; then + Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN + LogText "Result: proc mount mounted with ${FIND}" AddHP 2 3 elif [ -z "${FIND}" ]; then # HIDEPID1_SUGGESTION=" (or at least hidepid=1)" -- cgit v1.2.3 From e2aa40665c95a278286cfb39c530960ed5f11f71 Mon Sep 17 00:00:00 2001 From: just-some-tall-bloke Date: Fri, 9 Jul 2021 11:06:12 +0200 Subject: Update osdetection Added NethServer https://www.nethserver.org/ --- include/osdetection | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'include') 
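Review bot: The unchanged comment `# Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least` above the new FIND line is now stale: the branches below award `AddHP 3 3` for `hidepid=4`/`ptraceable` and `hidepid=2`/`invisible` and only `AddHP 2 3` for `hidepid=1`/`noaccess`. Suggest `# Proc should be mounted with hidepid=2 (invisible) or hidepid=4 (ptraceable); hidepid=1 (noaccess) is the minimum`. The widened `egrep -o` also emits one match per matching mount line, so if `mount` lists `${ROOTDIR}proc ` more than once FIND holds several lines and none of the equality tests match; appending `| ${TAILBINARY} -1` would make the result a single value — presumably the branch handling unrecognised values sits below the hunk.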
diff --git a/include/osdetection b/include/osdetection index 7b1e911c..47dbd216 100644 --- a/include/osdetection +++ b/include/osdetection @@ -279,6 +279,12 @@ OS_NAME="Manjaro" OS_VERSION="Rolling release" ;; + "nethserver") + LINUX_VERSION="NethServer" + OS_NAME="NethServer" + OS_REDHAT_OR_CLONE=1 + OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') + ;; "nixos") LINUX_VERSION="NixOS" OS_NAME="NixOS" -- cgit v1.2.3 From 2816ed55988e4fd2f46e3c057a63b5a35707117b Mon Sep 17 00:00:00 2001 From: digitalcheetah <70912302+digitalcheetah@users.noreply.github.com> Date: Sun, 11 Jul 2021 04:25:38 +0000 Subject: Adding Artix Linux to osdetection --- include/osdetection | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include') diff --git a/include/osdetection b/include/osdetection index 7b1e911c..5f0f16ac 100644 --- a/include/osdetection +++ b/include/osdetection @@ -173,6 +173,11 @@ OS_FULLNAME="Arch Linux 32" OS_VERSION="Rolling release" ;; + artix") + LINUX_VERSION="Artix Linux" + OS_FULLNAME="Artix Linux" + OS_VERSION="Rolling release" + ;; "bunsenlabs") LINUX_VERSION="BunsenLabs" OS_NAME="BunsenLabs" -- cgit v1.2.3 From aa91bb4c85b105d4884e19b7a253024e90c92ac0 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Mon, 12 Jul 2021 15:21:35 +0200 Subject: Corrected syntax --- include/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/functions b/include/functions index 33a4edb9..6c4d76c7 100644 --- a/include/functions +++ b/include/functions 
@@ -991,7 +991,7 @@ "Linux") # Try fetching information from /sys in case 'ip' is not available or does not give expected results - if IsEmpty "${FIND}" -a -d /sys/class/net ]; then + if IsEmpty "${FIND}" && [ -d /sys/class/net ]; then NET_INTERFACES=$(${FINDBINARY} /sys/class/net ! -type d -exec realpath {} \; 2> /dev/null | sort | awk -F'/' '!/virtual/ && /devices/ {for (x=1;x<=NF;x++) if ($x~"net") print $(x+1)}') for INTERFACE in ${NET_INTERFACES}; do if grep -q -s 'up' "/sys/class/net/${INTERFACE}/operstate"; then -- cgit v1.2.3 From 6755ac45c24f1e473907af0ebba3f17117592ec4 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Tue, 20 Jul 2021 11:30:23 +0200 Subject: Replaced tab with space --- include/binaries | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/binaries b/include/binaries index 95182a2f..f5054c88 100644 --- a/include/binaries +++ b/include/binaries @@ -203,7 +203,7 @@ logrotate) LOGROTATEBINARY="${BINARY}"; LogText " Found known binary: logrotate (log rotation tool) - ${BINARY}" ;; ls) LSBINARY="${BINARY}"; LogText " Found known binary: ls (file listing) - ${BINARY}" ;; lsattr) LSATTRBINARY="${BINARY}"; LogText " Found known binary: lsattr (file attributes) - ${BINARY}" ;; - lsblk) LSBLKBINARY="${BINARY}"; LogText " Found known binary: lsblk (block devices) - ${BINARY}" ;; + lsblk) LSBLKBINARY="${BINARY}"; LogText " Found known binary: lsblk (block devices) - ${BINARY}" ;; lsmod) LSMODBINARY="${BINARY}"; LogText " Found known binary: lsmod (kernel modules) - ${BINARY}" ;; lsof) LSOFBINARY="${BINARY}" -- cgit v1.2.3 From 3a03af42aa0464f4fc54e8e99dee5115dc0ed77d Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Tue, 20 Jul 2021 11:31:18 +0200 Subject: Fix: show 'egrep' instead of 'grep' when egrep is missing --- include/binaries | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/binaries b/include/binaries index f5054c88..fb8147ce 100644 
--- a/include/binaries +++ b/include/binaries @@ -340,7 +340,7 @@ [ "${AWKBINARY:-}" ] || ExitFatal "awk binary not found" [ "${CAT_BINARY:-}" ] || ExitFatal "cat binary not found" [ "${CUTBINARY:-}" ] || ExitFatal "cut binary not found" - [ "${EGREPBINARY:-}" ] || ExitFatal "grep binary not found" + [ "${EGREPBINARY:-}" ] || ExitFatal "egrep binary not found" [ "${FINDBINARY:-}" ] || ExitFatal "find binary not found" [ "${GREPBINARY:-}" ] || ExitFatal "grep binary not found" [ "${HEADBINARY:-}" ] || ExitFatal "head binary not found" -- cgit v1.2.3 From 71c15afbd12381c1025e5b7a779abffa15f8ee4f Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Tue, 20 Jul 2021 16:32:18 +0200 Subject: Added missing quote --- include/osdetection | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/osdetection b/include/osdetection index 52f26adf..8377a1ae 100644 --- a/include/osdetection +++ b/include/osdetection @@ -173,7 +173,7 @@ OS_FULLNAME="Arch Linux 32" OS_VERSION="Rolling release" ;; - artix") + "artix") LINUX_VERSION="Artix Linux" OS_FULLNAME="Artix Linux" OS_VERSION="Rolling release" -- cgit v1.2.3 From ad5909372d0f00319e40da48b612a2a06cfa065b Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Wed, 21 Jul 2021 13:16:08 +0200 Subject: PKGS-7410: don't show exception for systems running LXC --- include/tests_ports_packages | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/tests_ports_packages b/include/tests_ports_packages index 57f0f25b..2f0b98da 100644 --- a/include/tests_ports_packages +++ b/include/tests_ports_packages 
@@ -1316,11 +1316,18 @@ # Only report exception if there are kernels actually there. For example, LXC use the kernel of host system case "${OS}" in "Linux") - if [ -d "${ROOTDIR}boot" ]; then - if [ -z "$(${FINDBINARY} /boot -maxdepth 1 -type f -name 'vmlinuz*' -print -quit)" ]; then - ReportException "${TEST_NO}" "Could not find any kernel packages via package manager" - fi - fi + case "${CONTAINER_TYPE}" in + "LXC") + LogText "Info: LXC shares the kernel with host, so skipping further testing" + ;; + *) + if [ -d "${ROOTDIR}boot" ]; then + if [ -z "$(${FINDBINARY} /boot -maxdepth 1 -type f -name 'vmlinuz*' -print -quit)" ]; then + ReportException "${TEST_NO}" "Could not find any kernel packages via package manager" + fi + fi + ;; + esac ;; *) ReportException "${TEST_NO}" "Could not find any kernel packages via package manager" -- cgit v1.2.3 From b0bee6584389dec8fbfe95176246b22904e861a6 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Wed, 21 Jul 2021 15:26:48 +0200 Subject: KRNL-5830: sort kernels by version (ls -v) instead of date on disk (ls -t) --- include/tests_kernel | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/tests_kernel b/include/tests_kernel index 19ed4dae..610fd325 100644 --- a/include/tests_kernel +++ b/include/tests_kernel 
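Review bot: Inside the new `*)` arm the directory test uses `${ROOTDIR}boot` but the find that follows still searches the literal `/boot`, so with a non-default ROOTDIR the test checks one tree and scans another; `${FINDBINARY} "${ROOTDIR}boot" -maxdepth 1 -type f -name 'vmlinuz*' -print -quit` keeps the two consistent. The new `case "${CONTAINER_TYPE}"` only special-cases `LXC`; if the container detection produces other values for environments that likewise share the host kernel, they still fall into the default arm and raise the exception, which is worth stating in the comment above the case if it is intended. The enclosing `case "${OS}"` closes outside the hunk.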
@@ -673,9 +673,9 @@ LogText "Result: found ${ROOTDIR}boot/vmlinuz-lts" FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-lts else - # Match on items like /boot/vm5.3.7 or /boot/vmlinuz-5.3.7-1-default. Get newest file (ls -t and pipe into head) + # Match on items like /boot/vm5.3.7 or /boot/vmlinuz-5.3.7-1-default. Sort based on versions (-v) and then find the last item # Note: ignore a rescue kernel (e.g. CentOS) - FOUND_VMLINUZ=$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${GREPBINARY} -v '\-rescue\-' | ${HEADBINARY} -1) + FOUND_VMLINUZ=$(${LSBINARY} -v ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${GREPBINARY} -v '\-rescue\-' | ${TAILBINARY} -1) LogText "Result: found ${FOUND_VMLINUZ}" fi @@ -749,6 +749,7 @@ done # Display kernels, extract version numbers and ${SORTBINARY} them numeric per column (up to 6 numbers) # Ignore rescue images. Remove generic. and huge. for Slackware machines + # TODO: see if this can be simplified using ls -v sorting LogText "Action: checking relevant kernels" KERNELS=$(${LSBINARY} /boot/vmlinuz* | ${GREPBINARY} -v rescue | ${SEDBINARY} 's/vmlinuz-//' | ${SEDBINARY} 's/generic.//' | ${SEDBINARY} 's/huge.//' | ${SEDBINARY} 's/\.[a-z].*.//g' | ${SEDBINARY} 's/-[a-z].*.//g' | ${SEDBINARY} 's./boot/..' | ${SEDBINARY} 's/-/./g' | ${SORTBINARY} -n -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 -k6,6 -t \.) KERNELS_ONE_LINE=$(${ECHOCMD} ${KERNELS} | ${TRBINARY} '\n' ' ') -- cgit v1.2.3 From 886adae4efaeda3bf5d04a47fa28da3c6e0a926e Mon Sep 17 00:00:00 2001 From: Zachary Lee Andrews Date: Fri, 23 Jul 2021 22:38:31 -0400 Subject: Use posix egrep options, fixing issue #1166 --- include/tests_crypto | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/tests_crypto b/include/tests_crypto index 227401c3..89ad1e62 100644 --- a/include/tests_crypto +++ b/include/tests_crypto 
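Review bot: `ls -v` on the new FOUND_VMLINUZ line is a GNU coreutils extension (natural version sort); on BSD-derived `ls` the `-v` flag has an unrelated meaning, so the pipeline would not fail but `tail -1` would silently return the alphabetically last image. The block appears to target `${ROOTDIR}boot/vm*` Linux kernel images, so this is probably only reached on Linux, but the dependency should be recorded next to the updated comment, e.g. `# Note: relies on GNU ls -v (version sort), e.g. 5.9.x sorts before 5.10.x`. The same caveat applies to the TODO added in the second hunk, which proposes reusing `ls -v` for the KERNELS list. The enclosing if/else continues outside the first hunk.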
@@ -80,7 +80,7 @@ if [ ${CANREAD} -eq 1 ]; then # Only check the files that are not installed by a package, unless enabled by profile if [ ${SSL_CERTIFICATE_INCLUDE_PACKAGES} -eq 1 ] || ! FileInstalledByPackage "${FILE}"; then - echo ${FILE} | ${EGREPBINARY} --quiet ".cer$|.der$" + echo ${FILE} | ${EGREPBINARY} -q ".cer$|.der$" CER_DER=$? OUTPUT=$(${GREPBINARY} -q 'BEGIN CERT' "${FILE}") if [ $? -eq 0 -o ${CER_DER} -eq 0 ]; then @@ -200,7 +200,7 @@ LogText "Result: Found LUKS encrypted swap device: ${BLOCK_DEV}" ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS + 1)) Report "encrypted_swap[]=${BLOCK_DEV},LUKS" - elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" 2> /dev/null | ${GREPBINARY} --quiet "cipher:"; then + elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" 2> /dev/null | ${GREPBINARY} -q "cipher:"; then LogText "Result: Found non-LUKS encrypted swap device: ${BLOCK_DEV}" ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS + 1)) Report "encrypted_swap[]=${BLOCK_DEV},other" -- cgit v1.2.3 From 55cc7215ea670b8275a1fbbaebca4f7c81c67646 Mon Sep 17 00:00:00 2001 From: Zachary Lee Andrews Date: Fri, 23 Jul 2021 22:44:36 -0400 Subject: grep options change from gnu to posix fix issue #1167 --- include/tests_networking | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/tests_networking b/include/tests_networking index 6a33451c..ffd9242b 100644 --- a/include/tests_networking +++ b/include/tests_networking @@ -758,7 +758,7 @@ fi # Then additional modprobe configuration files if [ -d ${ROOTDIR}etc/modprobe.d ]; then - DATA=$(${GREPBINARY} --files-with-matches --no-messages "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*) + DATA=$(${GREPBINARY} -l -s "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*) if [ -n "${DATA}" ]; then UNCOMMON_PROTOCOL_DISABLED=1 for F in ${DATA}; do -- cgit v1.2.3 From c74bc10db87172a03c285efffbe85f6e4e1c6ef4 Mon Sep 17 00:00:00 2001 
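Review bot: On the rewritten egrep line the pattern `.cer$|.der$` has unescaped dots, so it means "any character followed by cer or der at the end" and a file such as `leader` sets CER_DER=0 as if it were a DER certificate; since the line is being touched anyway, `'\.cer$|\.der$'` restricts the match to the extensions. `echo ${FILE}` is also unquoted, which word-splits names containing spaces before they reach egrep. The enclosing loop continues outside the hunk.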
From: Michael Boelen Date: Tue, 27 Jul 2021 10:44:08 +0200 Subject: Added MALW-3290, Trend Micro malware agent detection, added agent and rootkit scanner status --- include/tests_malware | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) (limited to 'include') diff --git a/include/tests_malware b/include/tests_malware index 4f68b9aa..cb13ca96 100644 --- a/include/tests_malware +++ b/include/tests_malware @@ -37,9 +37,12 @@ KASPERSKY_SCANNER_RUNNING=0 MCAFEE_SCANNER_RUNNING=0 MALWARE_SCANNER_INSTALLED=0 + MALWARE_DAEMON_RUNNING=0 + ROOTKIT_SCANNER_FOUND=0 SOPHOS_SCANNER_RUNNING=0 SYMANTEC_SCANNER_RUNNING=0 SYNOLOGY_DAEMON_RUNNING=0 + TRENDMICRO_DSA_DAEMON_RUNNING=0 # ################################################################################# # @@ -52,6 +55,7 @@ Display --indent 2 --text "- ${GEN_CHECKING} chkrootkit" --result "${STATUS_FOUND}" --color GREEN LogText "Result: Found ${CHKROOTKITBINARY}" MALWARE_SCANNER_INSTALLED=1 + ROOTKIT_SCANNER_FOUND=1 AddHP 2 2 Report "malware_scanner[]=chkrootkit" else @@ -70,6 +74,7 @@ Display --indent 2 --text "- ${GEN_CHECKING} Rootkit Hunter" --result "${STATUS_FOUND}" --color GREEN LogText "Result: Found ${RKHUNTERBINARY}" MALWARE_SCANNER_INSTALLED=1 + ROOTKIT_SCANNER_FOUND=1 AddHP 2 2 Report "malware_scanner[]=rkhunter" else @@ -108,6 +113,7 @@ if IsRunning "com.avast.daemon"; then FOUND=1 AVAST_DAEMON_RUNNING=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found Avast security product" @@ -119,6 +125,7 @@ if IsRunning "avqmd"; then FOUND=1 AVIRA_DAEMON_RUNNING=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found Avira security product" 
@@ -130,6 +137,7 @@ if IsRunning "bdagentd" || IsRunning "epagd"; then FOUND=1 BITDEFENDER_DAEMON_RUNNING=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found Bitdefender security product" @@ -154,6 +162,7 @@ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found CylancePROTECT service" AVAST_DAEMON_RUNNING=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 Report "malware_scanner[]=cylance-protect" fi @@ -163,6 +172,7 @@ if IsRunning "esets_daemon"; then FOUND=1 ESET_DAEMON_RUNNING=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found ESET security product" @@ -181,6 +191,7 @@ FOUND=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Kaspersky" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: Found Kaspersky" + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 Report "malware_scanner[]=kaspersky" fi @@ -197,6 +208,7 @@ FOUND=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: Found McAfee" + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 Report "malware_scanner[]=mcafee" fi @@ -215,6 +227,7 @@ if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: Found Sophos" + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 Report "malware_scanner[]=sophos" fi 
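Review bot: In the CylancePROTECT hunk (`@@ -154,6 +162,7 @@`) the new `MALWARE_DAEMON_RUNNING=1` sits next to the unchanged `AVAST_DAEMON_RUNNING=1`, which looks like a copy-paste carryover from the Avast block: a Cylance service is also recorded as an Avast daemon. If that is not intentional, a product-specific flag such as `CYLANCE_DAEMON_RUNNING=1`, initialised to 0 alongside the other `*_RUNNING` variables at the top of the file, would keep the per-product flags accurate. The Avira, Bitdefender and ESET hunks on this line follow the expected pattern of setting their own flag.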
@@ -235,6 +248,7 @@ if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]; then if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Symantec" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found one or more Symantec components" + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 FOUND=1 Report "malware_scanner[]=symantec" @@ -245,18 +259,33 @@ if IsRunning "synoavd"; then FOUND=1 SYNOLOGY_DAEMON_RUNNING=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Synology Antivirus Essential" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found Synology Antivirus Essential" Report "malware_scanner[]=synoavd" fi + # Trend Micro Anti Malware for Linux + # Typically ds_agent is running as well, the Deep Security Agent + LogText "Test: checking process ds_agent to test for Trend Micro Deep Anti Malware component" + if IsRunning "ds_am"; then + if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro Anti Malware" --result "${STATUS_FOUND}" --color GREEN; fi + LogText "Result: found Trend Micro Anti Malware component" + FOUND=1 + MALWARE_SCANNER_INSTALLED=1 + MALWARE_DAEMON_RUNNING=1 + TRENDMICRO_DSA_DAEMON_RUNNING=1 + Report "malware_scanner[]=trend-micro-am" + fi + # TrendMicro (macOS) LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)" if IsRunning "TmccMac"; then if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN; fi LogText "Result: found Trend Micro component" FOUND=1 + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 Report "malware_scanner[]=trend-micro-av" fi @@ -298,6 +327,7 @@ if IsRunning "clamd"; then Display --indent 2 --text "- ${GEN_CHECKING} ClamAV daemon" --result "${STATUS_FOUND}" --color GREEN LogText "Result: found running clamd process" + MALWARE_DAEMON_RUNNING=1 MALWARE_SCANNER_INSTALLED=1 CLAMD_RUNNING=1 else 
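Review bot: In the new Trend Micro block (`@@ -245,18 +259,33 @@`) the log line says `checking process ds_agent` but the condition is `IsRunning "ds_am"`, and the comment above states ds_agent is "typically running as well", so the message names a process the test does not check; `LogText "Test: checking process ds_am to test for Trend Micro Anti Malware component"` matches the condition. `ds_am` is also a short pattern, so depending on how IsRunning matches, unrelated process names containing it could set TRENDMICRO_DSA_DAEMON_RUNNING=1 — a comment saying why ds_am rather than ds_agent is the indicator would help the next reader. The variable name refers to the DSA (Deep Security Agent) while the check keys on the anti-malware component; the comment could spell out that relationship.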
@@ -354,6 +384,31 @@ # ################################################################################# # + # Test : MALW-3290 + # Description : Presence of malware scanners + Register --test-no MALW-3290 --weight L --network NO --category security --description "Presence of for malware detection" + if [ ${SKIPTEST} -eq 0 ]; then + if [ ${MALWARE_SCANNER_INSTALLED} -eq 0 ]; then + Display --indent 2 --text "- Malware software components" --result "${STATUS_NOT_FOUND}" --color YELLOW + else + Display --indent 2 --text "- Malware software components" --result "${STATUS_FOUND}" --color GREEN + if [ ${MALWARE_DAEMON_RUNNING} -eq 0 ]; then + Display --indent 4 --text "- Active agent" --result "${STATUS_NOT_FOUND}" --color WHITE + else + Display --indent 4 --text "- Active agent" --result "${STATUS_FOUND}" --color GREEN + fi + if [ ${ROOTKIT_SCANNER_FOUND} -eq 0 ]; then + Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_NOT_FOUND}" --color WHITE + else + Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_FOUND}" --color GREEN + fi + fi + fi +# +################################################################################# +# + + Report "malware_scanner_installed=${MALWARE_SCANNER_INSTALLED}" -- cgit v1.2.3 From d59970ef165ba43d8a8cb063bde0402d914b6755 Mon Sep 17 00:00:00 2001 From: Glowsome Date: Wed, 28 Jul 2021 17:25:04 +0200 Subject: Update tests_databases Add mariadb as binary to check --- include/tests_databases | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/tests_databases b/include/tests_databases index 19d48f53..9a8755bf 100644 --- a/include/tests_databases +++ b/include/tests_databases 
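Review bot: The Register description for MALW-3290, `"Presence of for malware detection"`, is malformed and is the text that ends up on screen and in the report; `--description "Presence of malware scanner components"` matches the `# Description : Presence of malware scanners` header above it. The two new flags that drive the sub-results are not exported to the report, unlike MALWARE_SCANNER_INSTALLED on the unchanged line below; adding `Report "malware_daemon_running=${MALWARE_DAEMON_RUNNING}"` and `Report "rootkit_scanner_found=${ROOTKIT_SCANNER_FOUND}"` next to it would expose them to consumers of the report. The blank line before the existing `Report "malware_scanner_installed=..."` could also be dropped to match the section separator style used elsewhere in the hunk.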
@@ -45,7 +45,7 @@ # Description : Check if MySQL is being used Register --test-no DBS-1804 --weight L --network NO --category security --description "Checking active MySQL process" if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${PSBINARY} ax | ${EGREPBINARY} "mysqld|mysqld_safe" | ${GREPBINARY} -v "grep") + FIND=$(${PSBINARY} ax | ${EGREPBINARY} "mariadb|mysqld|mysqld_safe" | ${GREPBINARY} -v "grep") if [ -z "${FIND}" ]; then if [ ${DEBUG} -eq 1 ]; then Display --indent 2 --text "- MySQL process status" --result "${STATUS_NOT_FOUND}" --color WHITE --debug; fi LogText "Result: MySQL process not active" -- cgit v1.2.3 From 9ba09ac4087f5a9500634bdf103fb950b99b7364 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Thu, 29 Jul 2021 14:52:29 +0200 Subject: Update tests_networking --- include/tests_networking | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/tests_networking b/include/tests_networking index ffd9242b..c615e6d0 100644 --- a/include/tests_networking +++ b/include/tests_networking @@ -758,6 +758,7 @@ fi # Then additional modprobe configuration files if [ -d ${ROOTDIR}etc/modprobe.d ]; then + # Return file names (-l) and suppress errors (-s) DATA=$(${GREPBINARY} -l -s "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*) if [ -n "${DATA}" ]; then UNCOMMON_PROTOCOL_DISABLED=1 -- cgit v1.2.3 From 43054c0999f6e90f2dfef16228e6a2a147a36e6e Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Fri, 30 Jul 2021 08:17:03 +0200 Subject: Added 'RedHat' to OS detection routine (RHEL 6) --- include/osdetection | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/osdetection b/include/osdetection index 16d47a71..a4d3aa41 100644 --- a/include/osdetection +++ b/include/osdetection 
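Review bot: On the new FIND line the alternation `mariadb|mysqld|mysqld_safe` is partly redundant — `mysqld` already matches `mysqld_safe` — and `mariadb` matches any `ps ax` entry containing that substring, including client or backup tooling and a shell whose command line mentions it, so DBS-1804 may report the server as active when only a client is running. Matching the daemon names is tighter while still covering both server binaries: `${EGREPBINARY} "mariadbd|mysqld"`. The subsequent `if [ -z "${FIND}" ]` branches are unchanged and continue outside the hunk.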
@@ -346,7 +346,7 @@ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') OS_NAME="Raspbian" ;; - "rhel") + "redhat" | "rhel") LINUX_VERSION="RHEL" OS_NAME="RHEL" OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') -- cgit v1.2.3